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NERC CIP-013-1 "Cyber Security - 
Supply Chain Risk Management" 


Thank you for your inquiry regarding NERC Reliability Standard CIP-013-1 “Cyber Security - Supply Chain 
Risk Management.” Cisco has long maintained a robust Security and Privacy program which focuses on 
building security into the foundation of everything we do and make. This commitment to security cuts across 
our Secure Development Life Cycle, Product Security Incident Response Team, Computer Security Incident 
Response Team, Trustworthy Technologies, Data Protection Program, and Value Chain Security. We 
recognize the criticality of Value Chain Security and continually assess, monitor, and improve the security of 
the third parties who are part of our solutions’ life cycles. Cisco’s layered approach to Value Chain Security 
is core to our business, and part of what helps us earn a place as a trusted partner that assesses risk and 
effectively addresses security while enabling our customers’ business. We invite you to learn more about 
Cisco’s commitment to Security & Trust by visiting the Trust Center. 


Cisco products and services meet numerous security standards and are frequently certified or audited 
according to international accreditation schemes. These include Common Criteria, FIPS 14-2, ISO 27001, 
ISO 27017/27018, SOC-2, C5, and FedRAMP, among others. Details regarding specific certifications and 
audit reports for particular products and services can be found on the Cisco Trust Portal. Additionally, 
Cisco has obtained certification for IEC 62443-4-1, Product Security Development Life-cycle 
Requirements, for all loT and Industrial loT products in our portfolio. 


Lastly, Cisco’s Quality Management System is certified to ISO 9001. The scope of Cisco’s certification 
includes: Design, Development, Manufacturing Operations, Sales, Services, and Support for Networking, 
Data Center, Communications, Video, Collaboration and Security Products, Solutions and Services at Cisco 
sites globally. Cisco was first certified to ISO 9001 in 1993, and in 2007 Cisco achieved Global ISO 9001 
Certification. This certification covers all Cisco sites (300+) and functions under one quality management 
system. This certification approach promotes a common process infrastructure worldwide and 
demonstrates Cisco’s commitment to quality. 


Please do not hesitate to contact us for any additional information. 


Ajea 
CISCO 
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